Cyber Round-up for 10th December

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.

In this week’s round-up:

Security News

Emotet Behaviour Could Lead to Ransomware Attacks

Last month we saw the return of Emotet; however, it has not yet been as active as we expected. Emotet is now believed to be using TrickBot to spread and quickly infect devices, and its recent behaviour suggests that a wave of ransomware attacks could be approaching. Researchers have seen what appears to be a new Emotet loader being delivered by the TrickBot trojan, which would allow the group to install Cobalt Strike directly onto infected machines. Dropping Cobalt Strike straight away, rather than after a period of spamming, shortens the time between initial infection and hands-on-keyboard activity such as ransomware deployment. This is a warning for all organisations to be prepared for an attack, as one could begin any day now.


BitMart Hack Results in $150 Million Loss

BitMart, a popular cryptocurrency trading platform, has confirmed it was attacked earlier this month, resulting in the theft of around $150 million worth of funds. Following an investigation by the security firm PeckShield, the stolen amount is believed to be closer to $200 million, including $100 million worth of assets on the Ethereum blockchain and $96 million on the Binance Smart Chain. This is not the first attack on a cryptocurrency platform, but it is believed to be among the largest so far. BitMart has confirmed it is still investigating the breach to establish how the attack was carried out, and we will provide more details as we learn more.


Facebook to Force At-Risk Accounts to Use Multi-Factor Authentication

For a long time, Facebook has given users the option to enable multi-factor authentication on their accounts, but until now it has not been enforced. The social media platform has announced that high-risk users will soon no longer have a choice and will be required to enable MFA, in an attempt to dramatically improve account security. Facebook follows in the footsteps of Google and others, who have also begun enforcing MFA for administrators and other high-profile accounts. This is a big step forward for Facebook in terms of security, and we are interested to see what steps it takes next.


SPAR Branches Close Due to Cyber Attack

The convenience store chain SPAR has recently been the victim of a cyber attack affecting its IT systems and causing some of its branches to close until the issue is resolved. 330 SPAR stores in the north of England were forced to close, as EPOS systems were unable to process debit or credit card payments and stock-logging systems were also unavailable.

SPAR said on Twitter: “We apologize for any inconvenience this is causing our customers and we are working as quickly as possible to resolve the situation.”


Zoho Warns Of Product Zero-Day Attacks

Zoho, a business offering SaaS and device management tools, has released an alert to users of its ManageEngine Desktop Central product. The device management solution is believed to be affected by a zero-day vulnerability that is being exploited in the wild, as Zoho told its customers:

“We are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.”

The vulnerability allows attackers to bypass authentication and run arbitrary code on Desktop Central servers. Because these servers manage endpoints across an organisation, a compromised instance gives an attacker a route to every device it administers, so this update should be treated as urgent. More information can be found in Zoho's advisory.


Microsoft Seizes Malicious Domains

Microsoft has seized 42 malicious domains believed to be operated by a China-based cyber group. The group has targeted both the public and private sectors in 29 countries, including the United States and the UK, using “highly sophisticated” attacks that leveraged vulnerabilities in VPN services, Exchange Server and SharePoint. Once initial access was gained, the group deployed tools to steal credentials and implants that provided backdoor access via its command-and-control servers. This is the latest in a long line of takedowns carried out by both tech giants and law enforcement throughout 2021.


Vulnerabilities & Updates

Authentication Bypass in WordPress Registration Plugin

A vulnerability in the RegistrationMagic plugin for WordPress allowed attackers to sign in as any user on the site, bypassing authentication entirely. The biggest threat is that administrator accounts were also exposed, allowing an attacker to access the admin dashboard, modify settings, and gain access to account information and other sensitive data. The vulnerability has now been patched; if you use the plugin, we recommend updating RegistrationMagic to the patched release or newer to be protected.


And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #170 – 10th December 2021

Ironshare – Security Simplified